CN115865460A - Data transmission method and device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN115865460A
Authority
CN
China
Prior art keywords
key
interactive
party
interaction
temporary
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211492585.4A
Other languages
Chinese (zh)
Inventor
徐宏强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yuanfeng Technology Co Ltd
Original Assignee
Yuanfeng Technology Co Ltd

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a data transmission method, a data transmission device, electronic equipment and a storage medium. The method comprises the following steps: generating a first temporary public and private key pair, wherein the first temporary public and private key pair comprises a first temporary public key and a first temporary private key; acquiring a first standard public key, a symmetric key and interactive identification information; generating an interactive key according to the first temporary private key, the first standard public key, the symmetric key and the interactive identification information, wherein the interactive key comprises an authentication key and a secure channel key; generating first authentication information according to the authentication key; and sending the first authentication information, the first temporary public key and the interaction identification information to a second interaction party so that the second interaction party verifies the first authentication information and acquires and decrypts the interaction data which is transmitted by the first interaction party and encrypted based on the secure channel key when the verification is passed. The embodiment of the invention realizes the fusion use of the symmetric key and the asymmetric key and improves the data transmission safety.

Description

Data transmission method and device, electronic equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of data transmission, in particular to a data transmission method and device, electronic equipment and a storage medium.
Background
Encrypting data in transit is a very widespread practice.
At present, data can be encrypted with a symmetric key.
However, encryption that relies on a symmetric key alone is easily broken, so its security is low.
Disclosure of Invention
The embodiment of the invention provides a data transmission method, a data transmission device, electronic equipment and a storage medium, and improves the safety of data transmission.
According to an aspect of the present invention, there is provided a data transmission method, applied to a first interacting party, the method including:
generating a first temporary public and private key pair, wherein the first temporary public and private key pair comprises a first temporary public key and a first temporary private key;
acquiring a first standard public key, a symmetric key and interactive identification information;
generating an interactive key according to the first temporary private key, the first standard public key, the symmetric key and the interactive identification information, wherein the interactive key comprises an authentication key and a secure channel key;
generating first authentication information according to the authentication key;
and sending the first authentication information, the first temporary public key and the interaction identification information to a second interaction party so that the second interaction party verifies the first authentication information and acquires and decrypts the interaction data which is transmitted by the first interaction party and encrypted based on the secure channel key when the verification is passed.
According to another aspect of the present invention, there is provided a data transmission method, applied to a second interacting party, the method including:
receiving first authentication information, a first temporary public key and interaction identification information sent by a first interaction party;
acquiring a first standard public and private key pair and a symmetric key, and generating an interactive key according to a first temporary public key, a first standard private key, the symmetric key and interactive identification information, wherein the interactive key comprises an authentication key and a secure channel key;
verifying the first authentication information according to the authentication key;
when the verification is passed, acquiring encrypted interactive data sent by a first interactive party;
and decrypting the encrypted interactive data by adopting the secure channel key to obtain the interactive data.
According to another aspect of the present invention, there is provided a data transmission apparatus, applied to a first interacting party, the apparatus comprising:
the first temporary key generation module is used for generating a first temporary public and private key pair, and the first temporary public and private key pair comprises a first temporary public key and a first temporary private key;
the first standard key acquisition module is used for acquiring a first standard public key, a symmetric key and interactive identification information;
the first interactive key generation module is used for generating an interactive key according to the first temporary private key, the first standard public key, the symmetric key and the interactive identification information, wherein the interactive key comprises an authentication key and a secure channel key;
the first authentication information generation module is used for generating first authentication information according to the authentication key;
and the first authentication information sending module is used for sending the first authentication information, the first temporary public key and the interaction identification information to the second interaction party so that the second interaction party can verify the first authentication information and acquire and decrypt the interaction data which is transmitted by the first interaction party and encrypted based on the secure channel key when the verification is passed.
According to another aspect of the present invention, there is provided a data transmission apparatus, applied to a second interacting party, the apparatus comprising:
the first authentication information receiving module is used for receiving first authentication information, a first temporary public key and interaction identification information sent by a first interaction party;
the second interactive key generation module is used for acquiring the first standard public and private key pair and the symmetric key, and generating an interactive key according to the first temporary public key, the first standard private key, the symmetric key and the interactive identification information, wherein the interactive key comprises an authentication key and a secure channel key;
the first authentication information checking module is used for checking the first authentication information according to the authentication key;
the encrypted interactive data acquisition module is used for acquiring encrypted interactive data sent by the first interactive party when the verification is passed;
and the encrypted interactive data decryption module is used for decrypting the encrypted interactive data by adopting the secure channel key to obtain the interactive data.
According to another aspect of the present invention, there is provided an electronic apparatus including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to enable the at least one processor to perform the data transmission method according to any of the embodiments of the invention.
According to another aspect of the present invention, there is provided a computer-readable storage medium storing computer instructions for causing a processor to implement the data transmission method according to any one of the embodiments of the present invention when the computer instructions are executed.
According to the technical scheme of the embodiment of the invention, a first temporary public and private key pair is generated and comprises a first temporary public key and a first temporary private key; acquiring a first standard public key, a symmetric key and interactive identification information; generating an interactive key according to the first temporary private key, the first standard public key, the symmetric key and the interactive identification information, wherein the interactive key comprises an authentication key and a secure channel key; generating first authentication information according to the authentication key; sending the first authentication information, the first temporary public key and the interaction identification information to a second interaction party so that the second interaction party can verify the first authentication information and acquire and decrypt the interaction data which is transmitted by the first interaction party and encrypted based on the secure channel key when the verification is passed; the problem of low security of the symmetric key is solved, the fused use of the symmetric key and the asymmetric key is realized, and the security of data transmission is improved.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present invention, nor do they necessarily limit the scope of the invention. Other features of the present invention will become apparent from the following description.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart of a data transmission method according to an embodiment of the present invention;
Fig. 2 is a flowchart of a data transmission method according to a second embodiment of the present invention;
Fig. 3 is a signaling flow chart of a data transmission method according to a third embodiment of the present invention;
Fig. 4 is a signaling flow chart of a data transmission method according to a third embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a data transmission apparatus according to a fourth embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a data transmission apparatus according to a fifth embodiment of the present invention;
Fig. 7 is a schematic structural diagram of an electronic device implementing the data transmission method according to the embodiment of the present invention.
Detailed Description
In order to make those skilled in the art better understand the technical solutions of the present invention, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example one
Fig. 1 is a flowchart of a data transmission method according to an embodiment of the present invention. This embodiment is applicable to encrypted data transmission. The method may be executed by a data transmission apparatus implemented in hardware and/or software and configured in an electronic device that carries a data transmission function, in particular a client device or a server device. The client device may include a mobile terminal, a computer, a vehicle-mounted terminal and the like; the server device may include a vehicle server and the like. The mobile terminal may include a microcontroller device, a cell phone and the like, and the microcontroller device may include a Bluetooth MCU (microcontroller unit) or the like.
Referring to fig. 1, the data transmission method applied to a first interactive party includes:
S110: generating a first temporary public and private key pair, wherein the first temporary public and private key pair comprises a first temporary public key and a first temporary private key.
The first interacting party and the second interacting party exchange data. Data transmitted between them usually needs to be acquired and processed by a device with the corresponding authority, so the two parties verify each other's identity, and only when that verification passes can either party obtain the data transmitted by the other. Both parties are electronic devices; their specific type is not limited. Illustratively, the first interacting party may be a mobile terminal or a vehicle server.
The first temporary public-private key pair may be a public-private key pair temporarily generated by the first interacting party. Optionally, the first interacting party may generate the first temporary public and private key pair according to an Elliptic Curve Cryptography (ECC) algorithm. Illustratively, the first temporary public-private key pair may be generated according to a KeyPair function.
S120: acquiring the first standard public key, the symmetric key and the interaction identification information.
The first standard public key may be the public key of the second interacting party's standard public and private key pair. The second interacting party usually does not change, and neither does its first standard public and private key pair. Compared with the first standard pair, the first temporary public and private key pair is generated on the fly: a different first temporary pair is generated for each interaction, whereas the first standard pair is the same across interactions. The first standard public and private key pair may be an asymmetric key and may include a first standard public key and a first standard private key. The second interacting party or a third party issues the first standard public key to the first interacting party. The symmetric key can be generated by either interacting party or by a third party and is issued to the interacting parties that need to transmit data. Optionally, the symmetric keys of the two interacting parties may be the same, or they may differ provided each party can derive the other party's symmetric key from the available information; specifically, the other party's symmetric key may be derived from one party's symmetric key and the interaction identification information. The symmetric keys of the two interacting parties remain fixed across different interactions. The interaction identification information may include identification information of the first interacting party and/or of the second interacting party, for example an ID (identifier).
S130, generating an interactive key according to the first temporary private key, the first standard public key, the symmetric key and the interactive identification information, wherein the interactive key comprises an authentication key and a secure channel key.
The interaction key may be a key required when the first interacting party and the second interacting party transmit interaction data. The authentication key may be used to verify the authority of the data transfer of the interacting party. The secure channel key may be used to encrypt and decrypt the secure channel. Wherein the secure channel may be used for secure transmission of the interactive data.
Specifically, the first temporary private key, the first standard public key, the symmetric key and the interaction identification information are used as input parameters to a key derivation function (KDF), which generates the interaction key.
S140, generating first authentication information according to the authentication key.
The first authentication information may be used to verify the first interacting party's right to transmit data. The second interacting party checks the first authentication information to determine whether it has the authority to acquire the first interacting party's data.
Specifically, the first authentication information may be generated from the authentication key using a CMAC (Cipher Block Chaining-Message Authentication Code) algorithm.
S150, the first authentication information, the first temporary public key and the interaction identification information are sent to a second interaction party, so that the second interaction party verifies the first authentication information, and acquires and decrypts the interaction data which is transmitted by the first interaction party and encrypted based on the secure channel key when the verification is passed.
Optionally, the interaction identification information sent by the first interacting party to the second interacting party may include identification information of the first interacting party and identification information of the second interacting party. Because the second interacting party locally stores the identification information of the second interacting party, the interaction identification information sent by the first interacting party to the second interacting party may also only include the identification information of the first interacting party.
And when the second interactive party determines that the authentication information passes the verification, the second interactive party can receive the interactive data which is transmitted by the first interactive party and encrypted based on the secure channel key, decrypt the encrypted interactive data by adopting the generated secure channel key to obtain the interactive data, and perform post-processing.
According to the technical solution of this embodiment, a first temporary public and private key pair comprising a first temporary public key and a first temporary private key is generated; a first standard public key, a symmetric key and interaction identification information are obtained; and an interaction key comprising an authentication key and a secure channel key is generated from the first temporary private key, the first standard public key, the symmetric key and the interaction identification information, so that the symmetric key and the asymmetric key are used in combination. First authentication information is generated from the authentication key, and the first authentication information, the first temporary public key and the interaction identification information are sent to the second interacting party, which verifies the first authentication information and, when the verification passes, acquires and decrypts the interaction data transmitted by the first interacting party and encrypted under the secure channel key. Generating the first authentication information from the authentication key lets the second interacting party verify the first interacting party's data transmission permission; encrypting the interaction data under the secure channel key, and having the second interacting party decrypt it, completes the data transmission from the first interacting party to the second and improves its security.
In an optional embodiment of the present invention, the generating of the interaction key according to the first temporary private key, the first standard public key, the symmetric key, and the interaction identification information is specifically as follows: generating a first shared secret according to the first temporary private key and the first standard public key; and generating an interaction key according to the first shared secret, the symmetric key and the interaction identification information.
Since the first temporary private key differs for each interaction, the first shared secret produced by mixing it with the first standard public key is random for each interaction. Generating the interaction key from this randomly generated first shared secret further increases the complexity of the interaction key and thus the security of data transmission.
Specifically, an ECDH (Elliptic-curve Diffie-Hellman) algorithm may first be applied to the first temporary private key and the first standard public key to generate the first shared secret; the first shared secret, the symmetric key and the interaction identification information may then be used as input parameters to a key derivation function to generate the interaction key.
According to the scheme, the first shared secret is generated according to the first temporary private key and the first standard public key, so that mixed encryption of a first temporary public and private key pair of a first interaction party and a first standard public and private key pair of a second interaction party is realized; and generating an interactive key according to the first shared secret, the symmetric key and the interactive identification information, thereby improving the complexity of the interactive key and further improving the security of data transmission.
Optionally, the transmission of the interaction data between the first interacting party and the second interacting party may be that the second interacting party generates a second temporary public and private key pair after triggering the authentication condition, where the second temporary public and private key pair includes a second temporary public key and a second temporary private key, and the second interacting party sends the second temporary public key to the first interacting party. And after receiving the second temporary public key, the first interactive party generates an interactive key to realize data transmission between the first interactive party and the second interactive party. Illustratively, the first interactive party may be a mobile terminal, and the second interactive party may be a vehicle-mounted terminal.
In an optional embodiment of the present invention, before generating the interaction key according to the first shared secret, the symmetric key, and the interaction identification information, the method further includes: and receiving a second temporary public key sent by a second interactive party. Generating an interaction key according to the first shared secret, the symmetric key and the interaction identification information, which is embodied as: generating a second shared secret according to the first temporary private key and the second temporary public key; and generating an interaction key according to the first shared secret, the second shared secret, the symmetric key and the interaction identification information.
The second temporary public and private key pair may be a key pair generated on the fly by the second interacting party, freshly for each interaction; the description of the first temporary public and private key pair applies to it as well. It may include a second temporary public key and a second temporary private key, and the second interacting party issues the second temporary public key to the first interacting party. The second shared secret mixes the first temporary private key with the second temporary public key and is generated in the same manner as the first shared secret. The difference is that the second shared secret mixes the first interacting party's first temporary private key with the second interacting party's second temporary public key, whereas the first shared secret mixes the first temporary private key with the second interacting party's first standard public key. Because both temporary key pairs are generated afresh each time, a second shared secret built from two temporary key pairs adds randomness across interactions and is more random than the first shared secret, which is built from a single temporary key pair. Mixing the first temporary private key and the second temporary public key into the second shared secret, processing it further, and generating the interaction key from that second shared secret adds complexity to the key generation process and further secures the interaction key.
And generating the interactive key according to the first shared secret, the second shared secret, the symmetric key and the interactive identification information further improves the complexity of the interactive key.
Specifically, the first interacting party may receive the second temporary public key sent by the second interacting party. The second shared secret may be generated from the first temporary private key and the second temporary public key with the ECDH (Elliptic-curve Diffie-Hellman) algorithm, and the first shared secret, the second shared secret, the symmetric key and the interaction identification information may then be used as input parameters to the key derivation function to generate the interaction key.
According to the scheme, the second temporary public key sent by the second interacting party is received and a second shared secret is generated from the first temporary private key and the second temporary public key, so that mixed encryption of the first interacting party's first temporary public and private key pair and the second interacting party's second temporary public and private key pair is realized; the interaction key is generated from the first shared secret, the second shared secret, the symmetric key and the interaction identification information, which further increases the complexity of the interaction key; and because the second temporary public and private key pair enters the generation of the interaction key, the subsequent data transmission has forward secrecy (forward security), which further improves the security of data transmission.
In an optional embodiment of the present invention, after sending the first authentication information, the first temporary public key, and the interaction identification information to the second interacting party, the method further includes: receiving second authentication information sent by a second interactive party; verifying the second authentication information by adopting the authentication key; when the verification is passed, encrypting the interactive data by adopting a secure channel key, and transmitting the interactive data to a second interactive party; and acquiring the encrypted interactive data sent by the second interactive party, and decrypting to obtain the interactive data sent by the second interactive party.
The second authentication information may be used to verify the transmission right of the data of the second interacting party. And checking the second authentication information to determine whether the first interaction party has the authority of acquiring the data of the second interaction party. The first authentication information may be used to verify a transmission right of the data of the first interacting party. The first authentication information and the second authentication information are authentication information of two interaction parties for data transmission respectively. The mutual verification between the first interaction party and the second interaction party is completed through the verification of the first authentication information by the second interaction party and the verification of the second authentication information by the first interaction party, and the safe transmission of data between the first interaction party and the second interaction party is realized.
Specifically, the first authentication information is verified with the authentication key generated by the second interacting party: if the authentication key generated by the second interacting party matches the authentication key from which the first authentication information was generated, the verification passes; otherwise it fails. If the verification passes, the second interacting party has the transmission permission to acquire the first interacting party's data and can decrypt the interaction data transmitted by the first interacting party with its self-generated secure channel key. The second authentication information is verified in the same way with the authentication key generated by the first interacting party: if that key matches the authentication key from which the second authentication information was generated, the verification passes; otherwise it fails. If it passes, the first interacting party has the transmission permission to acquire the second interacting party's data and can decrypt the interaction data transmitted by the second interacting party with its self-generated secure channel key.
According to the scheme, the second authentication information sent by the second interactive party is received, the authentication key is adopted to verify the second authentication information, mutual verification between the first interactive party and the second interactive party is achieved, when the verification is passed, the first interactive party encrypts interactive data through the secure channel key and transmits the encrypted interactive data to the second interactive party, the encrypted interactive data sent by the second interactive party is obtained and decrypted, and safe transmission of the data between the first interactive party and the second interactive party is achieved.
Optionally, the transmission of interactive data between the first and second interacting parties may be unidirectional, with the first interacting party sending the interactive data to the second interacting party; the interactive data may then be offline update data. For example, the first interacting party may be a vehicle server and the second interacting party a vehicle-mounted terminal.
In an optional embodiment of the present invention, before sending the first authentication information, the first temporary public key and the interaction identification information to the second interacting party, the method further includes: obtaining interaction verification information; and obtaining offline data and encrypting it with the secure channel key to obtain encrypted interactive data. When sending the first authentication information, the first temporary public key and the interaction identification information to the second interacting party, the method further includes: sending the interaction verification information and the encrypted interactive data to the second interacting party, so that the second interacting party verifies the interaction verification information, verifies the first authentication information when the interaction verification information passes, and decrypts and processes the encrypted interactive data when the first authentication information passes.
The interaction verification information is used to verify the identity of the second interacting party: it is sent to the second interacting party to confirm that the party about to exchange data with the first interacting party is indeed the second interacting party. The interaction verification information is distinct from the first authentication information. The interaction verification information verifies the second interacting party before the interaction key is generated; the first authentication information verifies the second interacting party after the interaction verification information has passed, and specifically whether the second interacting party has the right to obtain the data. The offline data is interactive data that the first interacting party issues to the second interacting party offline: before it is issued, the second interacting party does not need to send anything to the first interacting party, i.e. the first interacting party can send data without regard to the state of the second interacting party. For example, if the second interacting party is a vehicle-mounted terminal, the interaction verification information may be the authentication serial number of the vehicle. The offline data is the data with which the second interacting party updates its local data.
Specifically, the first authentication information, the first temporary public key and the interaction identification information are sent to the second interacting party together with the interaction verification information and the encrypted interactive data. The second interacting party first verifies the interaction verification information; when it passes, the second interacting party generates the interaction key and verifies the first authentication information; when that passes, it decrypts and processes the encrypted interactive data.
In this scheme, the first interacting party obtains the interaction verification information, obtains the offline data and encrypts it with the secure channel key to obtain encrypted interactive data, and sends the first authentication information, the first temporary public key, the interaction identification information, the interaction verification information and the encrypted interactive data to the second interacting party. The second interacting party verifies the interaction verification information, verifies the first authentication information when the former passes, and decrypts and processes the encrypted interactive data when the latter passes, so that the first interacting party performs a unidirectional offline update of the second interacting party's data. Because the first interacting party issues the interaction verification information to the second interacting party, a check of the interaction verification information is added on top of the check of the first authentication information, giving a double check of the second interacting party and improving the security of data transmitted from the first interacting party to the second.
Example Two
Fig. 2 is a flowchart of a data transmission method according to a second embodiment of the present invention. This embodiment is applicable to the encrypted transmission of data. The method may be performed by a data transmission apparatus implemented in hardware and/or software and configured in an electronic device that carries a data transmission function, in particular a client device or a server device. The client device may include a mobile terminal, a computer, a vehicle-mounted terminal and the like, and the server device may include a vehicle server and the like. The mobile terminal may include a microcontroller device, a mobile phone and the like; the microcontroller device may include a Bluetooth MCU (microcontroller unit) or the like.
Referring to fig. 2, the data transmission method applied to the second interactive party includes:
S210, receiving first authentication information, a first temporary public key and interaction identification information sent by a first interacting party.
The second interacting party performs data transmission with the first interacting party, and may obtain the data transmitted by the first interacting party once the data transmission right has been verified. The first authentication information is used to verify the data transmission right of the first interacting party. The first temporary public key is a public key temporarily generated by the first interacting party. The interaction identification information may include the identification information of both parties, or only that of the first interacting party; it is the same interaction identification information that the first interacting party sent.
S220, obtaining a first standard public-private key pair and a symmetric key, and generating an interaction key from the first temporary public key, the first standard private key, the symmetric key and the interaction identification information, where the interaction key includes an authentication key and a secure channel key.
The first standard public-private key pair is generated by the second interacting party and includes a first standard public key and a first standard private key. Typically the first standard key pair is fixed (long-term), whereas the first temporary public key is generated fresh for each interaction. The symmetric key may be generated by either interacting party or by a third party and issued to the parties that need to transmit data. Optionally, when the two parties' symmetric keys are the same, the symmetric key may simply be the party's local symmetric key, e.g. the symmetric key of the second interacting party; when the two parties' symmetric keys differ, the other party's symmetric key is derived from the local symmetric key and the other party's identification information. The symmetric keys of both parties remain unchanged across interactions. The interaction key is the key required when the two parties transmit interactive data: the authentication key is used to verify the transmission right of the interacting party, and the secure channel key is used to encrypt and decrypt data on the secure channel.
Specifically, the first temporary public key, the first standard private key, the symmetric key and the interaction identification information are used as input parameters to a key derivation function (KDF) to generate the interaction key.
S230, verifying the first authentication information according to the authentication key.
Specifically, the second interacting party computes verification information from its own authentication key and compares it with the received first authentication information. If they match, the second interacting party has authenticated the first interacting party and has the right to obtain the data transmitted by the first interacting party, so verification passes; otherwise it fails.
Verifying the first authentication information with the second interacting party's authentication key serves two purposes: it confirms that the second interacting party has the right to obtain the data transmitted by the first interacting party, and it confirms that the interaction key generated by the second interacting party is identical to the one generated by the first interacting party, which guarantees that the interactive data subsequently sent by the first interacting party can be decrypted with the secure channel key generated by the second interacting party.
S240, obtaining, when verification passes, the encrypted interactive data sent by the first interacting party.
Specifically, if verification passes, the second interacting party has the right to obtain the encrypted interactive data sent by the first interacting party, and obtains it.
S250, decrypting the encrypted interactive data with the secure channel key to obtain the interactive data.
Specifically, the encrypted interactive data is decrypted with the secure channel key generated by the second interacting party to obtain the interactive data.
In the technical scheme of this embodiment, the second interacting party receives the first authentication information, the first temporary public key and the interaction identification information sent by the first interacting party, obtains the first standard public-private key pair and the symmetric key, and generates the interaction key from the first temporary public key, the first standard private key, the symmetric key and the interaction identification information; generating the interaction key in this way is the second interacting party's side of the combined use of the symmetric key and the asymmetric keys. The second interacting party verifies the first authentication information with the authentication key and, when verification passes, obtains the encrypted interactive data sent by the first interacting party, then decrypts it with the secure channel key to obtain the interactive data. This is the process by which the second interacting party obtains the interactive data transmitted by the first interacting party, and it improves the security of the data transmission.
Optionally, the transmission of interactive data may proceed as follows: the second interacting party generates a second temporary public-private key pair when an authentication condition is triggered and sends the second temporary public key to the first interacting party. After receiving it, the first interacting party generates the interaction key, generates first authentication information from the authentication key and sends it to the second interacting party. After receiving the first authentication information, the second interacting party generates the interaction key and verifies the first authentication information with the authentication key; when verification passes, data transmission between the two parties takes place. For example, the first interacting party may be a mobile terminal and the second interacting party a vehicle-mounted terminal.
In an optional embodiment of the present invention, before receiving the first authentication information, the first temporary public key and the interaction identification information sent by the first interacting party, the method further includes: generating a second temporary public-private key pair, and sending the second temporary public key to the first interacting party. Generating the interaction key from the first temporary public key, the second temporary private key, the first standard public-private key pair, the symmetric key and the interaction identification information then specifically includes: generating a first shared secret from the first temporary public key and the first standard private key; obtaining the second temporary private key; generating a second shared secret from the first temporary public key and the second temporary private key; and generating the interaction key from the first shared secret, the second shared secret, the symmetric key and the interaction identification information.
The first shared secret combines the first temporary key pair with the first standard key pair; the second shared secret combines the first temporary key pair with the second temporary key pair. Deriving the first shared secret from the first temporary public key and the first standard private key, deriving the second shared secret from the first temporary public key and the second temporary private key, and then processing both shared secrets into the interaction key increases the complexity of the second interacting party's key generation and makes it mirror the first interacting party's key generation, so that the interaction key generated by the second interacting party can be used to verify and decrypt the data transmitted by the first interacting party.
Because of the algebraic property of ECDH (Elliptic Curve Diffie-Hellman), although the first interacting party computes the first shared secret from the first temporary private key and the first standard public key while the second interacting party computes it from the first temporary public key and the first standard private key, both obtain the same first shared secret. Similarly, the second shared secrets computed by the two parties are identical. Therefore, the interaction key generated by the second interacting party can be used to verify the first authentication information of the first interacting party and to decrypt the encrypted interactive data of the first interacting party.
Specifically, the second interacting party generates the second temporary public-private key pair when the authentication condition is triggered. The second temporary public-private key pair includes a second temporary public key and a second temporary private key. For example, if the second interacting party is a vehicle-mounted terminal, the authentication condition may include approaching the vehicle, unlocking, opening a door, or a command to start the vehicle.
Specifically, the ECDH algorithm is applied to the first temporary public key and the first standard private key of the first standard public-private key pair to generate the first shared secret, and to the first temporary public key and the second temporary private key of the second temporary public-private key pair to generate the second shared secret. The first shared secret, the second shared secret, the symmetric key and the interaction identification information are then used as input parameters to a key derivation function to generate the interaction key.
Optionally, after the second interacting party verifies the first authentication information, the method further includes: generating second authentication information and sending it to the first interacting party, so that the first interacting party verifies it and, once verification passes, interactive data can be transmitted in both directions between the two parties.
In this scheme, before the first authentication information, the first temporary public key and the interaction identification information sent by the first interacting party are received, a second temporary public-private key pair is generated and the second temporary public key is sent to the first interacting party; a first shared secret is generated from the first temporary public key and the first standard private key, the second temporary private key is obtained, a second shared secret is generated from the first temporary public key and the second temporary private key, and the interaction key is generated from the first shared secret, the second shared secret, the symmetric key and the interaction identification information. This increases the complexity of the interaction key while keeping the second interacting party's key generation consistent with that of the first interacting party, so that the second interacting party can verify the first authentication information and decrypt the interactive data encrypted by the first interacting party. Because both parties contribute a freshly generated temporary key pair to the interaction key, the data transmitted over the subsequent secure channel has forward secrecy: provided the temporary private keys are discarded after use, a later compromise of the standard private key or of the symmetric key does not reveal the secure channel keys of earlier sessions.
Optionally, the transmission of interactive data between the first and second interacting parties may be unidirectional, with the first interacting party sending the interactive data to the second interacting party; the interactive data may then be offline update data. For example, the first interacting party may be a vehicle server and the second interacting party a vehicle-mounted terminal.
In an optional embodiment of the present invention, while receiving the first authentication information, the first temporary public key and the interaction identification information sent by the first interacting party, the method further includes: obtaining the interaction verification information and the encrypted interactive data sent by the first interacting party; and obtaining pre-stored local verification information and verifying the interaction verification information against it. Generating the interaction key from the first temporary public key, the first standard private key, the symmetric key and the interaction identification information is then specifically: generating the interaction key from those inputs only when the interaction verification information passes. After the encrypted interactive data has been decrypted with the secure channel key to obtain the interactive data, the method further includes: updating the local data with the interactive data.
The interaction verification information is used to verify the identity of the second interacting party: the second interacting party obtains it from the first interacting party to confirm that the party with which the first interacting party intends to exchange data is indeed itself. The local verification information and the interaction verification information are held by the two parties respectively, and comparing them provides a preliminary check of the second interacting party. The interaction verification information is distinct from the first authentication information: it verifies the second interacting party before the interaction key is generated, whereas the first authentication information verifies the second interacting party after the interaction verification information has passed, specifically whether the second interacting party has the right to obtain the data. The interactive data may include offline data, and updating the local data with the interactive data means updating the local data of the second interacting party with that offline data, which is the interactive data the first interacting party issues to the second interacting party offline.
Specifically, the interaction verification information sent by the first interacting party is compared with the local verification information pre-stored by the second interacting party; if they are the same, the interaction verification information passes, otherwise it fails. Only if it passes are the first temporary public key, the first standard private key of the first standard public-private key pair, the symmetric key and the interaction identification information used as input parameters to a key derivation function (KDF) to generate the interaction key. Performing this plain comparison first means that a request carrying the wrong verification information is rejected before any elliptic curve computation is spent on it.
In this scheme, while the first authentication information, the first temporary public key and the interaction identification information sent by the first interacting party are received, the interaction verification information and the encrypted interactive data sent by the first interacting party are also obtained; the pre-stored local verification information is obtained and used to verify the interaction verification information, and the interaction key is generated from the first temporary public key, the first standard private key, the symmetric key and the interaction identification information only when that verification passes. The interaction verification information is thus checked against pre-stored local verification information, giving a preliminary check of the second interacting party before the interaction key is generated. After the encrypted interactive data has been decrypted with the secure channel key, the local data is updated with the interactive data, so that the local data is updated offline while the security of the data transmission is preserved.
In the above embodiments, the first interacting party and the second interacting party may be interchanged: the first interacting party may also be a vehicle-mounted terminal or the like, and the second interacting party may also be a mobile terminal, a vehicle server or the like. The specific implementation is the same as in the above embodiments and is not repeated here.
Example Three
Fig. 3 is a signaling flowchart of a data transmission method according to a third embodiment of the present invention. This embodiment provides, on the basis of the above embodiments, a preferred embodiment in which the first interacting party and the second interacting party interact to transmit data. As shown in Fig. 3, the first interacting party is a mobile terminal and the second interacting party is a vehicle-mounted terminal. The mobile terminal stores its own symmetric key and the first standard public key; the vehicle-mounted terminal stores its own symmetric key together with the first standard public key and the first standard private key.
Referring to fig. 3, the data transmission method includes:
S301, the vehicle-mounted terminal generates a second temporary public-private key pair.
Specifically, when the authentication condition is triggered, the vehicle-mounted terminal generates a second temporary public-private key pair using an elliptic curve cryptography algorithm.
For example, the following formula may be adopted to generate the second temporary public-private key pair:
(Vehicle_eSK,Vehicle_ePK)=KeyPair();
where Vehicle_eSK is the second temporary private key of the vehicle-mounted terminal, Vehicle_ePK is the second temporary public key of the vehicle-mounted terminal, and KeyPair is the key pair generation function of the elliptic curve cryptography algorithm.
S302, the vehicle-mounted terminal sends the second temporary public key and the identification information of the vehicle-mounted terminal to the mobile terminal.
The identification information of the vehicle-mounted terminal may be a vehicle ID.
S303, the mobile terminal generates a first temporary public and private key pair.
Specifically, the mobile terminal may generate a first temporary public-private key pair according to an elliptic curve cryptography algorithm.
For example, the following formula may be employed to generate the first temporary public-private key pair:
(DigitalKey_eSK,DigitalKey_ePK)=KeyPair();
where DigitalKey_eSK is the first temporary private key of the mobile terminal, DigitalKey_ePK is the first temporary public key of the mobile terminal, and KeyPair is the key pair generation function of the elliptic curve cryptography algorithm.
S304, the mobile terminal generates a first shared secret based on the first temporary private key and the first standard public key.
Specifically, the first shared secret may be generated by using an ECDH algorithm for the first temporary private key and the first standard public key.
Illustratively, the first shared secret may be generated using the following equation:
Kdhse=ECDH(DigitalKey_eSK,Vehicle_PK);
where Kdhse is the first shared secret, ECDH is the key agreement algorithm, DigitalKey_eSK is the first temporary private key and Vehicle_PK is the first standard public key.
S305, the mobile terminal generates a second shared secret based on the first temporary private key and the second temporary public key.
Specifically, the ECDH algorithm may be applied to the first ephemeral private key and the second ephemeral public key to generate the second shared secret.
Illustratively, the second shared secret may be generated using the following equation:
Kdhee=ECDH(DigitalKey_eSK,Vehicle_ePK);
where Kdhee is the second shared secret, ECDH is the key agreement algorithm, DigitalKey_eSK is the first temporary private key and Vehicle_ePK is the second temporary public key.
S306, the mobile terminal obtains the interactive key through mixed derivation based on the first shared secret, the second shared secret, the symmetric key and the interactive identification information.
Specifically, the first shared secret, the second shared secret, the symmetric key, and the interactive identification information may be used as input parameters, and a key derivation function is adopted to generate the interactive key.
Illustratively, the following formula may be employed to generate the interaction key:
KDFParameters=DKey||Kdhee||VehicleID||DigitalKeyID;
KVmac||KDmac||Kenc||Kmac=KDF(Kdhse,KDFParameters,64);
where KDFParameters is the input parameter of the key derivation function; DKey is the symmetric key; Kdhee is the second shared secret; VehicleID is the identification information of the vehicle-mounted terminal; DigitalKeyID is the identification information of the mobile terminal; Kdhse is the first shared secret; KDF is the key derivation function, 64 is the requested output length and || denotes concatenation; KVmac and KDmac are the authentication keys (KDmac being the one the mobile terminal uses for its authentication information); Kenc and Kmac are the secure channel keys. Because the symmetric key DKey enters the derivation alongside both shared secrets, a party that knows the public keys but not DKey cannot derive the interaction key even though the ECDH messages are sent in the clear.
S307, the mobile terminal generates first authentication information using the authentication key.
Specifically, the mobile terminal generates the first authentication information by applying the CMAC algorithm, keyed with its authentication key, to the first temporary public key and the second temporary public key.
For example, the following formula may be adopted to generate the first authentication information:
AuthParameters=DigitalKey_ePK.x||Vehicle_ePK.x;
DigitalKeyAuthCode=AES_CMAC(KDmac,AuthParameters,128);
where AuthParameters is the input of the CMAC algorithm; DigitalKey_ePK.x is the x-coordinate of the first temporary public key; Vehicle_ePK.x is the x-coordinate of the second temporary public key; DigitalKeyAuthCode is the first authentication information; AES (Advanced Encryption Standard) is the symmetric block cipher; CMAC is the cipher-based message authentication code algorithm, 128 being the tag length in bits; and KDmac is the authentication key corresponding to the mobile terminal. Including the vehicle's temporary public key in the authenticated input binds the authentication code to this session, so it cannot be replayed against a later exchange with a different Vehicle_ePK.
S308, the mobile terminal sends an authentication request to the vehicle-mounted terminal.
The authentication request comprises identification information of the mobile terminal, a first temporary public key and first authentication information.
S309, the vehicle-mounted terminal derives the symmetric key of the mobile terminal according to the symmetric key of the vehicle-mounted terminal and the identification information of the mobile terminal.
Specifically, the symmetric key of the vehicle-mounted terminal differs from that of the mobile terminal; the vehicle-mounted terminal derives the mobile terminal's symmetric key from its own symmetric key and the identification information of the mobile terminal, so that the DKey it feeds into the key derivation function equals the DKey held by the mobile terminal.
S310, the vehicle-mounted terminal generates a first shared secret based on the first standard private key and the first temporary public key.
Specifically, an ECDH algorithm may be applied to the first standard private key and the first temporary public key to generate the first shared secret.
Illustratively, the first shared secret may be generated using the following formula:
Kdhse=ECDH(Vehicle_SK,DigitalKey_ePK);
wherein Kdhse is the first shared secret; ECDH is a key agreement algorithm; Vehicle_SK is the first standard private key; and DigitalKey_ePK is the first temporary public key.
S311, the vehicle-mounted terminal generates a second shared secret based on the second temporary private key and the first temporary public key.
Specifically, the second shared secret may be generated by using an ECDH algorithm for the second temporary private key and the first temporary public key.
Illustratively, the second shared secret may be generated using the following equation:
Kdhee=ECDH(Vehicle_eSK,DigitalKey_ePK);
wherein Kdhee is the second shared secret; ECDH is a key agreement algorithm; Vehicle_eSK is the second temporary private key; and DigitalKey_ePK is the first temporary public key.
S312, the vehicle-mounted terminal obtains the interactive key through hybrid derivation based on the first shared secret, the second shared secret, the symmetric key and the interactive identification information.
Specifically, the first shared secret, the second shared secret, the symmetric key, and the interactive identification information may be used as input parameters, and a key derivation function is used to generate the interactive key.
Illustratively, the following formula may be employed to generate the interaction key:
KDFParameters=Dkey||Kdhee||VehicleID||DigitalKeyID;
KVmac||KDmac||Kenc||Kmac=KDF(Kdhse,KDFParameters,64);
In the formula, KDFParameters are the input parameters of the key derivation function; Dkey is the symmetric key; Kdhee is the second shared secret; VehicleID is the identification information of the vehicle-mounted terminal; DigitalKeyID is the identification information of the mobile terminal; Kdhse is the first shared secret; KDF is the key derivation function; KVmac and KDmac are the authentication keys; and Kenc and Kmac are the secure channel keys.
S313, the vehicle-mounted terminal verifies the first authentication information by using the authentication key.
Specifically, the vehicle-mounted terminal may verify the first authentication information with the authentication key of the mobile terminal that the vehicle-mounted terminal generated itself. As in the above example, the vehicle-mounted terminal computes a verification code with its own KDmac and compares it with the received first authentication information; the verification passes only if the two match.
And S314, after the verification is passed, the vehicle-mounted terminal generates second authentication information by using the authentication key.
Specifically, the vehicle-mounted terminal may generate the second authentication information by applying a CMAC algorithm, keyed with the authentication key corresponding to the vehicle-mounted terminal, to the first temporary public key and the second temporary public key.
For example, the following formula may be adopted to generate the second authentication information:
AuthParameters=DigitalKey_ePK.x||Vehicle_ePK.x;
VehicleAuthCode=AES_CMAC(KVmac,AuthParameters,128);
In the formula, AuthParameters is the input parameter of the CMAC algorithm; DigitalKey_ePK.x is the x value of the first temporary public key; Vehicle_ePK.x is the x value of the second temporary public key; VehicleAuthCode is the second authentication information; AES is a symmetric key algorithm; CMAC is the cipher block chaining-message authentication code algorithm; and KVmac is the authentication key corresponding to the vehicle-mounted terminal.
And S315, the vehicle-mounted terminal sends an authentication response to the mobile terminal.
Wherein the authentication response includes the second authentication information.
And S316, the mobile terminal verifies the second authentication information by using the authentication key.
Specifically, the mobile terminal may verify the second authentication information by using an authentication key of the vehicle-mounted terminal generated by the mobile terminal. As in the above example, the mobile terminal may calculate the verification information using KVmac generated by itself, and then compare the verification information with the second authentication information to verify the second authentication information.
And S317, after the verification is passed, the mobile terminal and the vehicle-mounted terminal perform mutual transmission of interactive data based on the secure channel key.
As in the above example, the mobile terminal and the in-vehicle terminal may perform mutual transmission of the interactive data based on the secure channel keys Kenc and Kmac.
In this scheme, the first interaction party is exemplified as a mobile terminal and the second interaction party as a vehicle-mounted terminal. Generating a first shared secret and a second shared secret fuses the keys of both parties and increases the randomness and complexity of the key generation process; deriving the interaction key from the first shared secret, the second shared secret, the symmetric key and the interaction identification information realizes the fused use of symmetric and asymmetric keys. Each party generates the interaction key independently, the data transmission authority of the other party is verified through the authentication keys, and interactive data is transmitted with the secure channel key only after the verification passes, which improves the security of data transmission between the first interaction party and the second interaction party.
The mobile terminal and the vehicle-mounted terminal in the above example may be interchanged, and the specific implementation process is the same as that in the above example, which is not described herein again.
Fig. 4 is a signaling flowchart of a data transmission method according to a third embodiment of the present invention. Building on the above embodiments, this embodiment provides a preferred embodiment in which the first interacting party sends interactive data to the second interacting party in a single direction. As shown in fig. 4, the first interacting party is a vehicle server and the second interacting party is a vehicle-mounted terminal, where the vehicle server includes a TSM (Trusted Service Manager) module and the vehicle-mounted terminal includes an ECU (Electronic Control Unit) and a security module. The vehicle server stores a symmetric key and a first standard public key, and the vehicle-mounted terminal stores the symmetric key, the first standard public key and a first standard private key.
Referring to fig. 4, the data transmission method includes:
s401, the vehicle server obtains the interactive verification information and the interactive identification information.
The interactive verification information may be a vehicle authentication serial number. The interactive identification information may include identification information of the vehicle-mounted terminal security module and identification information of the vehicle server. For example, the identification information of the vehicle-mounted terminal security module may include a security module identifier (SEID), and the identification information of the vehicle server may include a server ID.
S402, the vehicle server generates a first temporary public and private key pair.
Specifically, the vehicle server may generate a first temporary public-private key pair according to an elliptic curve cryptography algorithm.
Illustratively, the following formula may be employed to generate the first temporary public-private key pair:
(Server_eSK,Server_ePK)=KeyPair();
In the formula, Server_eSK is the first temporary private key of the vehicle server; Server_ePK is the first temporary public key of the vehicle server; and KeyPair is the key pair generation function of an elliptic curve cryptography algorithm.
S403, the vehicle server generates a first shared secret based on the first temporary private key and the first standard public key.
Specifically, the first shared secret may be generated by using an ECDH algorithm for the first temporary private key and the first standard public key.
Illustratively, the first shared secret may be generated using the following formula:
Kdh=ECDH(Server_eSK,Vehicle_PK);
wherein Kdh is the first shared secret; ECDH is a key agreement algorithm; Server_eSK is the first temporary private key; and Vehicle_PK is the first standard public key.
S404, the vehicle server generates an interaction key based on the first shared secret, the symmetric key and the interaction identification information.
Specifically, the first shared secret, the symmetric key, and the interactive identification information may be used as input parameters, and a key derivation function is adopted to generate the interactive key.
Illustratively, the following formula may be employed to generate the interaction key:
KDFParameters=VKey||SEID||ServerID;
KVmac||KDmac||Kenc||Kmac=KDF(Kdh,KDFParameters,64);
in the formula, KDFParameters are input parameters of a key derivation function; VKey is a symmetric key; kdh is the first shared secret; the SEID is identification information of a vehicle-mounted terminal security module; serverID is identification information of the vehicle server; KDF is a key derivation function; KVmac and KDmac are authentication keys; kenc and Kmac are secure channel keys.
S405, the vehicle server generates first authentication information using the authentication key.
Specifically, the authentication key corresponding to the vehicle server is used, and the CMAC algorithm is adopted for the interactive verification information and the first temporary public key to generate the first authentication information.
For example, the following formula may be adopted to generate the first authentication information:
AuthParameters=VehicleAuthenticationSN||Server_ePK;
ServerAuthCode=AES_CMAC(KDmac,AuthParameters,128);
In the formula, AuthParameters is the input parameter of the CMAC algorithm; VehicleAuthenticationSN is the interactive verification information; Server_ePK is the first temporary public key of the vehicle server; ServerAuthCode is the first authentication information; AES (Advanced Encryption Standard) is a symmetric key algorithm; CMAC is the cipher block chaining-message authentication code algorithm; and KDmac is the authentication key corresponding to the vehicle server.
S406, the vehicle server generates the encrypted offline data by adopting the secure channel key.
S407, the vehicle server sends the authentication request and the encrypted offline data to the vehicle-mounted terminal ECU.
The authentication request comprises a first temporary public key, first authentication information and interaction identification information.
And S408, the vehicle-mounted terminal ECU sends an authentication request to the vehicle-mounted terminal security module.
And S409, the vehicle-mounted terminal security module verifies the interactive verification information against the pre-stored local verification information.
S410, when the verification passes, the vehicle-mounted terminal generates a first shared secret based on the first standard private key and the first temporary public key.
Specifically, the first shared secret may be generated by using an ECDH algorithm for the first standard private key and the first temporary public key.
Illustratively, the first shared secret may be generated using the following formula:
Kdh=ECDH(Vehicle_SK,Server_ePK);
wherein Kdh is the first shared secret; ECDH is a key agreement algorithm; vehicle _ SK is a first standard private key; the Server _ ePK is a first temporary public key.
S411, the vehicle-mounted terminal obtains the interactive key through hybrid derivation based on the first shared secret, the symmetric key and the interactive identification information.
Specifically, the first shared secret, the symmetric key, and the interactive identification information may be used as input parameters, and a key derivation function is adopted to generate the interactive key.
Illustratively, the following formula may be employed to generate the interaction key:
KDFParameters=VKey||SEID||ServerID;
KVmac||KDmac||Kenc||Kmac=KDF(Kdh,KDFParameters,64);
in the formula, KDFParameters are input parameters of a key derivation function; VKey is a symmetric key; kdh is the first shared secret; the SEID is identification information of a vehicle-mounted terminal security module; serverID is identification information of the vehicle server; KDF is a key derivation function; KVmac and KDmac are authentication keys; kenc and Kmac are secure channel keys.
And S412, the vehicle-mounted terminal security module verifies the first authentication information by using the authentication key.
Specifically, the vehicle-mounted terminal security module may verify the first authentication information by using an authentication key of the vehicle server generated by the vehicle-mounted terminal security module. As in the above example, the vehicle-mounted terminal security module may generate the verification information using the KDmac generated by itself, and then compare the verification information with the first authentication information to verify the first authentication information.
S413, the in-vehicle terminal generates second authentication information using the authentication key.
Specifically, the second authentication information is generated by applying the CMAC algorithm, keyed with the authentication key corresponding to the vehicle-mounted terminal security module, to the interactive verification information and the first temporary public key.
For example, the following formula may be adopted to generate the second authentication information:
AuthParameters=VehicleAuthenticationSN||Server_ePK;
SEAuthCode=AES_CMAC(KVmac,AuthParameters,128);
In the formula, AuthParameters is the input parameter of the CMAC algorithm; VehicleAuthenticationSN is the interactive verification information; Server_ePK is the first temporary public key of the vehicle server; SEAuthCode is the second authentication information; AES is a symmetric key algorithm; CMAC is the cipher block chaining-message authentication code algorithm; and KVmac is the authentication key corresponding to the vehicle-mounted terminal security module.
And S414, after the verification passes, the vehicle-mounted terminal security module sends an authentication response to the vehicle-mounted terminal ECU.
Wherein the authentication response includes the second authentication information.
And S415, the vehicle-mounted terminal ECU sends the encrypted offline data to the vehicle-mounted terminal security module.
And S416, the vehicle-mounted terminal security module adopts the security channel key to check the legality of the offline data, decrypts the encrypted offline data, and updates the local data in an offline manner.
As in the above example, the vehicle terminal security module may use the secure channel key Kmac to verify the validity of the offline data, use the secure channel key Kenc to decrypt the encrypted offline data, and use the offline data to update the local data.
And S417, the vehicle-mounted terminal security module sends an offline data update response to the vehicle-mounted terminal ECU.
The offline data updating response can be a response of the vehicle-mounted terminal security module after the offline data updating is completed.
S418, optionally, the in-vehicle terminal ECU sends an authentication response and an offline data update response to the vehicle server.
In this scheme, the first interaction party is embodied as the vehicle server and the second interaction party as the vehicle-mounted terminal. Double verification by the second interaction party is realized through the verification information and the first authentication information, and the fused use of the symmetric key and the asymmetric key is realized by generating the interaction key, so that the encrypted offline data can be recovered only if the symmetric key and the asymmetric key are both disclosed, which improves the security of data transmission. At the same time, updating the local data with the offline data realizes offline updating of the local data of the vehicle-mounted terminal security module, which further improves the security of the data update.
The vehicle server and the vehicle-mounted terminal in the above example may also be interchanged, and the specific implementation process is the same as that in the above example, and will not be described herein again.
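The handling of the encrypted offline data in S406 and S416, as an added example in Go that is not code from the patent or its assignee. The page says only that Kmac checks the validity of the offline data and Kenc decrypts it, so the record format is an assumption: AES-128-CTR under Kenc with a fresh IV, followed by an HMAC-SHA256 tag under Kmac over the IV and ciphertext (encrypt-then-MAC). The securityModule type and the function names are constructed for the example, and Kenc and Kmac are taken as already derived by the KDF of S404 and S411. The security module verifies the tag in constant time before it decrypts anything, and its local data changes only when both steps succeed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"io"
)

// Record layout: 16-byte IV || AES-128-CTR ciphertext || 32-byte HMAC-SHA256 tag over IV||ciphertext.
// Encrypt-then-MAC lets the receiver reject a tampered record with Kmac before Kenc is ever used.
const (
	ivSize  = 16
	tagSize = sha256.Size
)

var errInvalidRecord = errors.New("offline data: record malformed or MAC check failed")

// sealOfflineData is the vehicle server side (S406): encrypt with Kenc, then authenticate with Kmac.
func sealOfflineData(kenc, kmac, plaintext []byte) ([]byte, error) {
	blk, err := aes.NewCipher(kenc)
	if err != nil {
		return nil, err
	}
	rec := make([]byte, ivSize+len(plaintext), ivSize+len(plaintext)+tagSize)
	if _, err := io.ReadFull(rand.Reader, rec[:ivSize]); err != nil { // fresh IV per record
		return nil, err
	}
	cipher.NewCTR(blk, rec[:ivSize]).XORKeyStream(rec[ivSize:], plaintext)
	mac := hmac.New(sha256.New, kmac)
	mac.Write(rec)
	return mac.Sum(rec), nil // appends the tag to the record
}

// openOfflineData is the security module side (S416): verify the tag with Kmac in constant time and
// only then decrypt with Kenc; a truncated or modified record yields an error and no plaintext.
func openOfflineData(kenc, kmac, rec []byte) ([]byte, error) {
	if len(rec) < ivSize+tagSize {
		return nil, errInvalidRecord
	}
	body, tag := rec[:len(rec)-tagSize], rec[len(rec)-tagSize:]
	mac := hmac.New(sha256.New, kmac)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errInvalidRecord
	}
	blk, err := aes.NewCipher(kenc)
	if err != nil {
		return nil, err
	}
	plaintext := make([]byte, len(body)-ivSize)
	cipher.NewCTR(blk, body[:ivSize]).XORKeyStream(plaintext, body[ivSize:])
	return plaintext, nil
}

// securityModule holds the derived secure channel keys and the local data an offline update replaces.
type securityModule struct {
	kenc, kmac []byte
	localData  []byte
}

// applyOfflineUpdate mirrors S416: local data changes only if the record authenticates and decrypts.
func (s *securityModule) applyOfflineUpdate(rec []byte) error {
	data, err := openOfflineData(s.kenc, s.kmac, rec)
	if err != nil {
		return err
	}
	s.localData = data
	return nil
}
```

The server calls sealOfflineData(Kenc, Kmac, offlineData) and ships the record with the authentication request; the security module, after the authentication of S412 succeeds, calls applyOfflineUpdate on it. A record with a flipped ciphertext byte, a wrong Kmac or a truncated tail is rejected by the MAC check, so Kenc never operates on attacker-controlled bytes, which is the ordering the page's "check legality, then decrypt" wording implies.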
Example four
Fig. 5 is a schematic structural diagram of a data transmission device according to a fourth embodiment of the present invention. As shown in fig. 5, the apparatus includes: a first temporary key generation module 510, a first standard key acquisition module 520, a first mutual key generation module 530, a first authentication information generation module 540, and a first authentication information transmission module 550. Wherein,
a first temporary key generation module 510 configured to generate a first temporary public-private key pair, where the first temporary public-private key pair includes a first temporary public key and a first temporary private key;
a first standard key obtaining module 520, configured to obtain a first standard public key, a symmetric key, and interaction identification information;
a first interactive key generation module 530, configured to generate an interactive key according to the first temporary private key, the first standard public key, the symmetric key, and the interactive identification information, where the interactive key includes an authentication key and a secure channel key;
a first authentication information generating module 540, configured to generate first authentication information according to the authentication key;
the first authentication information sending module 550 is configured to send the first authentication information, the first temporary public key, and the interaction identification information to the second interaction party, so that the second interaction party verifies the first authentication information, and obtains and decrypts the interaction data transmitted by the first interaction party and encrypted based on the secure channel key when the verification passes.
According to the technical solution of this embodiment, a first temporary public-private key pair comprising a first temporary public key and a first temporary private key is generated; a first standard public key, a symmetric key and interaction identification information are obtained; and an interaction key comprising an authentication key and a secure channel key is generated from the first temporary private key, the first standard public key, the symmetric key and the interaction identification information, so that the fused use of the symmetric key and the asymmetric key is realized. First authentication information is generated from the authentication key, and the first authentication information, the first temporary public key and the interaction identification information are sent to the second interaction party, so that the second interaction party verifies the first authentication information and, when the verification passes, obtains and decrypts the interaction data that the first interaction party transmitted encrypted under the secure channel key. Generating the first authentication information from the authentication key lets the second interaction party verify the data transmission permission of the first interaction party; encrypting the interaction data under the secure channel key and having the second interaction party decrypt it realizes data transmission from the first interaction party to the second interaction party and improves the security of that transmission.
In an alternative embodiment of the present invention, the first interaction key generation module 530 includes: a first shared secret generation unit, configured to generate a first shared secret according to the first temporary private key and the first standard public key; and the first interactive key generation unit is used for generating an interactive key according to the first shared secret, the symmetric key and the interactive identification information.
In an optional embodiment of the present invention, before the first mutual key generating unit generates the mutual key according to the first shared secret, the symmetric key and the mutual identification information, the first mutual key generating module 530 further includes: the second temporary public key receiving unit is used for receiving a second temporary public key sent by a second interactive party; a first interaction key generation unit comprising: a second shared secret generation subunit configured to generate a second shared secret based on the first ephemeral private key and the second ephemeral public key; and the first interactive key generation subunit is used for generating an interactive key according to the first shared secret, the second shared secret, the symmetric key and the interactive identification information.
In an optional embodiment of the present invention, after the first authentication information sending module 550 sends the first authentication information, the first temporary public key and the interaction identification information to the second interacting party, the apparatus further includes: the second authentication information receiving module is used for receiving second authentication information sent by a second interactive party; the second authentication information checking module is used for checking the second authentication information by adopting the authentication key; the interactive data encryption module is used for encrypting the interactive data by adopting the secure channel key when the verification is passed and transmitting the encrypted interactive data to the second interactive party; and the interactive data decryption module is used for acquiring the encrypted interactive data sent by the second interactive party and decrypting the encrypted interactive data to obtain the interactive data sent by the second interactive party.
The data transmission device provided by the embodiment of the invention can execute the data transmission method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
Example five
Fig. 6 is a schematic structural diagram of a data transmission device according to a fifth embodiment of the present invention. As shown in fig. 6, the apparatus includes: a first authentication information receiving module 610, a second interactive key generating module 620, a first authentication information verifying module 630, an encrypted interactive data obtaining module 640, and an encrypted interactive data decrypting module 650. Wherein,
a first authentication information receiving module 610, configured to receive first authentication information, a first temporary public key, and interaction identification information sent by a first interaction party;
a second interactive key generation module 620, configured to obtain a first standard public and private key pair and a symmetric key, and generate an interactive key according to the first temporary public key, the first standard private key, the symmetric key, and the interactive identification information, where the interactive key includes an authentication key and a secure channel key;
a first authentication information verifying module 630, configured to verify the first authentication information according to the authentication key;
the encrypted interactive data obtaining module 640 is configured to obtain encrypted interactive data sent by the first interactive party when the verification passes;
and the encrypted interactive data decryption module 650 is configured to decrypt the encrypted interactive data with the secure channel key to obtain the interactive data.
According to the technical solution of this embodiment, first authentication information, a first temporary public key and interaction identification information sent by the first interaction party are received; a first standard public-private key pair and a symmetric key are obtained; and an interaction key comprising an authentication key and a secure channel key is generated from the first temporary public key, the first standard private key, the symmetric key and the interaction identification information. The first authentication information is verified with the authentication key, and the encrypted interaction data sent by the first interaction party is obtained when the verification passes, so that verification of the first authentication information by the second interaction party is realized. Decrypting the encrypted interaction data with the secure channel key yields the interaction data, so that the second interaction party obtains the interaction data transmitted by the first interaction party, and the security of data transmission is improved.
In an optional embodiment of the present invention, before the first authentication information receiving module 610 receives the first authentication information, the first temporary public key, and the interaction identification information sent by the first interacting party, the apparatus further includes: the second temporary key generation module is used for generating a second temporary public and private key pair and sending the second temporary public and private key pair to the first interaction party; a second interaction key generation module 620, comprising: a first shared secret generation unit, configured to generate a first shared secret according to the first temporary public key and the first standard private key; a second temporary key obtaining unit configured to obtain a second temporary private key; a second shared secret generation unit configured to generate a second shared secret based on the first temporary public key and the second temporary private key; and the second interactive key generation unit is used for generating an interactive key according to the first shared secret, the second shared secret, the symmetric key and the interactive identification information.
In an optional embodiment of the present invention, while the first authentication information receiving module 610 receives the first authentication information, the first temporary public key, and the interaction identification information sent by the first interacting party, the apparatus further includes: the interactive verification information acquisition module is used for acquiring interactive verification information and encrypted interactive data sent by a first interactive party; the interactive verification information verification module is used for acquiring prestored local verification information and verifying the interactive verification information; a second interaction key generation module 620, comprising: the third interactive key generation unit is used for generating an interactive key according to the first temporary public key, the first standard private key, the symmetric key and the interactive identification information when the interactive verification information passes the verification; after the encrypted interactive data decryption module 650 decrypts the encrypted interactive data by using the secure channel key to obtain the interactive data, the apparatus further includes: and the local data updating module is used for updating the local data by adopting the interactive data.
The data transmission device provided by the embodiment of the invention can execute the data transmission method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
Example six
FIG. 7 illustrates a schematic diagram of an electronic device 700 that may be used to implement embodiments of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 7, the electronic device 700 includes at least one processor 701, and a memory communicatively connected to the at least one processor 701, such as a Read Only Memory (ROM) 702, a Random Access Memory (RAM) 703, and the like, where the memory stores computer programs executable by the at least one processor, and the processor 701 may perform various suitable actions and processes according to the computer programs stored in the Read Only Memory (ROM) 702 or the computer programs loaded from the storage unit 708 into the Random Access Memory (RAM) 703. In the RAM 703, various programs and data required for the operation of the electronic device 700 can also be stored. The processor 701, the ROM 702, and the RAM 703 are connected to each other by a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
A number of components in the electronic device 700 are connected to the I/O interface 705, including: an input unit 706 such as a keyboard, a mouse, or the like; an output unit 707 such as various types of displays, speakers, and the like; a storage unit 708 such as a magnetic disk, optical disk, or the like; and a communication unit 709 such as a network card, modem, wireless communication transceiver, etc. The communication unit 709 allows the electronic device 700 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
Processor 701 may be a variety of general and/or special purpose processing components with processing and computing capabilities. Some examples of processor 701 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, or the like. The processor 701 performs the various methods and processes described above, such as the data transmission method.
In some embodiments, the data transmission method may be implemented as a computer program tangibly embodied in a computer-readable storage medium, such as the storage unit 708. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 700 via the ROM 702 and/or the communication unit 709. When the computer program is loaded into the RAM 703 and executed by the processor 701, one or more steps of the data transmission method described above may be performed. Alternatively, in other embodiments, the processor 701 may be configured to perform the data transmission method by any other suitable means (e.g., by means of firmware).
Various implementations of the systems and techniques described above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Systems on a Chip (SOCs), Complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, and which receives data and instructions from, and transmits data and instructions to, a storage system, at least one input device and at least one output device.
A computer program for implementing the methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be performed. A computer program can execute entirely on a machine, partly on a machine, as a stand-alone software package, partly on a machine and partly on a remote machine, or entirely on a remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. A computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), blockchain networks and the internet.
The computing system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, also called a cloud computing server or cloud host; it is a host product in a cloud computing service system, intended to overcome the high management difficulty and weak service scalability of conventional physical hosts and VPS (Virtual Private Server) services.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present invention may be executed in parallel, sequentially, or in different orders, and are not limited herein as long as the desired result of the technical solution of the present invention can be achieved.
The above-described embodiments should not be construed as limiting the scope of the invention. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (12)

1. A data transmission method, applied to a first interacting party, the method comprising:
generating a first temporary public and private key pair, the first temporary public and private key pair comprising a first temporary public key and a first temporary private key;
acquiring a first standard public key, a symmetric key and interaction identification information;
generating an interaction key according to the first temporary private key, the first standard public key, the symmetric key and the interaction identification information, wherein the interaction key comprises an authentication key and a secure channel key;
generating first authentication information according to the authentication key;
and sending the first authentication information, the first temporary public key and the interaction identification information to a second interacting party, so that the second interacting party verifies the first authentication information and, when the verification passes, acquires and decrypts the interaction data transmitted by the first interacting party and encrypted based on the secure channel key.
2. The method of claim 1, wherein generating an interaction key according to the first temporary private key, the first standard public key, the symmetric key and the interaction identification information comprises:
generating a first shared secret according to the first temporary private key and the first standard public key;
and generating an interaction key according to the first shared secret, the symmetric key and the interaction identification information.
3. The method of claim 2, further comprising, before generating an interaction key according to the first shared secret, the symmetric key and the interaction identification information:
receiving a second temporary public key sent by the second interacting party;
wherein generating an interaction key according to the first shared secret, the symmetric key and the interaction identification information comprises:
generating a second shared secret according to the first temporary private key and the second temporary public key;
and generating an interaction key according to the first shared secret, the second shared secret, the symmetric key and the interaction identification information.
4. The method of claim 3, further comprising, after sending the first authentication information, the first temporary public key and the interaction identification information to the second interacting party:
receiving second authentication information sent by the second interacting party;
verifying the second authentication information using the authentication key;
when the verification passes, encrypting the interaction data using the secure channel key and transmitting it to the second interacting party;
and acquiring the encrypted interaction data sent by the second interacting party and decrypting it to obtain the interaction data sent by the second interacting party.
5. The method of claim 2, further comprising, before sending the first authentication information, the first temporary public key and the interaction identification information to the second interacting party:
acquiring interaction verification information;
acquiring offline data and encrypting it using the secure channel key to obtain encrypted interaction data;
wherein, when the first authentication information, the first temporary public key and the interaction identification information are sent to the second interacting party, the method further comprises:
sending the interaction verification information and the encrypted interaction data to the second interacting party, so that the second interacting party verifies the interaction verification information, verifies the first authentication information when the interaction verification information passes verification, and decrypts and processes the encrypted interaction data when the first authentication information passes verification.
6. A data transmission method, applied to a second interacting party, the method comprising:
receiving first authentication information, a first temporary public key and interaction identification information sent by a first interacting party;
acquiring a first standard public and private key pair and a symmetric key, and generating an interaction key according to the first temporary public key, the first standard private key, the symmetric key and the interaction identification information, wherein the interaction key comprises an authentication key and a secure channel key;
verifying the first authentication information according to the authentication key;
when the verification passes, acquiring the encrypted interaction data sent by the first interacting party;
and decrypting the encrypted interaction data using the secure channel key to obtain the interaction data.
7. The method of claim 6, further comprising, before receiving the first authentication information, the first temporary public key and the interaction identification information sent by the first interacting party:
generating a second temporary public and private key pair and sending the second temporary public key to the first interacting party;
wherein generating an interaction key according to the first temporary public key, the first standard private key, the symmetric key and the interaction identification information comprises:
generating a first shared secret according to the first temporary public key and the first standard private key;
acquiring the second temporary private key;
generating a second shared secret according to the first temporary public key and the second temporary private key;
and generating an interaction key according to the first shared secret, the second shared secret, the symmetric key and the interaction identification information.
8. The method of claim 6, further comprising, while receiving the first authentication information, the first temporary public key and the interaction identification information sent by the first interacting party:
acquiring interaction verification information and encrypted interaction data sent by the first interacting party;
acquiring pre-stored local verification information and verifying the interaction verification information against it;
wherein generating an interaction key according to the first temporary public key, the first standard private key, the symmetric key and the interaction identification information comprises:
when the interaction verification information passes verification, generating an interaction key according to the first temporary public key, the first standard private key, the symmetric key and the interaction identification information;
and wherein, after the encrypted interaction data is decrypted using the secure channel key to obtain the interaction data, the method further comprises:
updating local data with the interaction data.
9. A data transmission apparatus, for use by a first interacting party, the apparatus comprising:
a first temporary key generation module, configured to generate a first temporary public and private key pair, the first temporary public and private key pair comprising a first temporary public key and a first temporary private key;
a first standard key acquisition module, configured to acquire a first standard public key, a symmetric key and interaction identification information;
a first interaction key generation module, configured to generate an interaction key according to the first temporary private key, the first standard public key, the symmetric key and the interaction identification information, wherein the interaction key comprises an authentication key and a secure channel key;
a first authentication information generation module, configured to generate first authentication information according to the authentication key;
and a first authentication information sending module, configured to send the first authentication information, the first temporary public key and the interaction identification information to a second interacting party, so that the second interacting party verifies the first authentication information and, when the verification passes, acquires and decrypts the interaction data transmitted by the first interacting party and encrypted based on the secure channel key.
10. A data transmission apparatus, for use by a second interacting party, the apparatus comprising:
a first authentication information receiving module, configured to receive first authentication information, a first temporary public key and interaction identification information sent by a first interacting party;
a second interaction key generation module, configured to acquire a first standard public and private key pair and a symmetric key, and to generate an interaction key according to the first temporary public key, the first standard private key, the symmetric key and the interaction identification information, wherein the interaction key comprises an authentication key and a secure channel key;
a first authentication information verification module, configured to verify the first authentication information according to the authentication key;
an encrypted interaction data acquisition module, configured to acquire the encrypted interaction data sent by the first interacting party when the verification passes;
and an encrypted interaction data decryption module, configured to decrypt the encrypted interaction data using the secure channel key to obtain the interaction data.
11. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores a computer program executable by the at least one processor, to enable the at least one processor to perform the data transmission method of any one of claims 1 to 8.
12. A computer-readable storage medium storing computer instructions which, when executed, cause a processor to perform the data transmission method of any one of claims 1 to 8.
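The handshake of claims 1 to 4 and 6 to 7, run end to end with both parties in one process, as an added example; this is not code from the patent or from Yuanfeng Technology. It uses only the Python standard library: X25519 (RFC 7748), written out in pure Python, supplies the ephemeral-static and ephemeral-ephemeral shared secrets, and HKDF/HMAC with SHA-256 derive the interaction key and produce the authentication information. Everything the claims leave open is this example's own assumption: the KDF layout (shared secrets and symmetric key as input keying material, interaction identification information as the info string, 64 bytes of output split into a 32-byte authentication key and a 32-byte secure channel key), the transcript the authentication information covers (interaction ID, both temporary public keys and the standard public key), and the encrypt-then-MAC construction that stands in for a real AEAD so that no third-party library is needed. The `sym_key_b` parameter of `run_exchange` is also an addition: it models a second party that does not hold the shared symmetric key, so the rejection of the first authentication information can be exercised.

```python
"""Added example, not code from CN115865460A: the exchange of claims 1-4 and 6-7 with
both interacting parties in one process.  Standard library only.  KDF layout, MAC
transcript and the stand-in stream cipher are this example's choices, not the patent's."""
import hmac
import os

P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")


def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder: 32-byte scalar k times 32-byte u-coordinate u."""
    k = bytearray(k); k[0] &= 248; k[31] &= 127; k[31] |= 64
    k = int.from_bytes(k, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e, c, d = (aa - bb) % P, (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    out = (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")
    if out == bytes(32):  # peer sent a low-order point: reject, as RFC 7748 advises
        raise ValueError("degenerate shared secret")
    return out


def keypair():
    sk = os.urandom(32)
    return sk, x25519(sk, BASE)


def hkdf(ikm: bytes, salt: bytes, info: bytes, n: int) -> bytes:
    """RFC 5869 extract-then-expand with HMAC-SHA256."""
    prk = hmac.digest(salt, ikm, "sha256")
    out, t, i = b"", b"", 1
    while len(out) < n:
        t = hmac.digest(prk, t + info + bytes([i]), "sha256")
        out, i = out + t, i + 1
    return out[:n]


def interaction_key(ss1: bytes, ss2: bytes, sym_key: bytes, iid: bytes):
    """Claims 2-3 / 7: (authentication key, secure channel key) from the ephemeral-static
    secret ss1, the ephemeral-ephemeral secret ss2, the pre-shared symmetric key and the
    interaction ID.  Layout is an assumption: all three secrets are HKDF input keying
    material, the ID is the info string, the 64-byte output is split 32/32."""
    km = hkdf(ss1 + ss2 + sym_key, b"interaction-key-v1", iid, 64)
    return km[:32], km[32:]


def auth_info(auth_key: bytes, role: bytes, transcript: bytes) -> bytes:
    """Claims 1/4: authentication information as an HMAC over the handshake transcript
    (assumption; the patent does not fix the construction)."""
    return hmac.digest(auth_key, role + transcript, "sha256")


def seal(chan_key: bytes, pt: bytes) -> bytes:
    """Encrypt-then-MAC under the secure channel key.  The keystream is HKDF output XORed
    into the plaintext: a stand-in so no AES library is needed.  A real system would use
    AES-GCM or ChaCha20-Poly1305 here."""
    nonce = os.urandom(16)
    ks = hkdf(chan_key, nonce, b"keystream", len(pt))
    ct = bytes(p ^ k for p, k in zip(pt, ks))
    return nonce + ct + hmac.digest(chan_key, b"mac" + nonce + ct, "sha256")


def open_(chan_key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.digest(chan_key, b"mac" + nonce + ct, "sha256")):
        raise ValueError("channel MAC rejected")
    ks = hkdf(chan_key, nonce, b"keystream", len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def run_exchange(sym_key: bytes, iid: bytes, b_static_sk: bytes, data: bytes,
                 sym_key_b: bytes = None) -> dict:
    """First interacting party A, second interacting party B.  B owns the 'first standard'
    (static) key pair; A holds B's static public key; both hold sym_key and the
    interaction ID out of band.  sym_key_b (an addition) lets the caller give B a
    different symmetric key to see the first authentication information rejected."""
    sym_key_b = sym_key if sym_key_b is None else sym_key_b
    b_static_pk = x25519(b_static_sk, BASE)
    eb_sk, eb_pk = keypair()          # claim 7: B sends its temporary public key first
    ea_sk, ea_pk = keypair()          # claim 1: A's temporary pair
    transcript = iid + ea_pk + eb_pk + b_static_pk
    a_auth, a_chan = interaction_key(x25519(ea_sk, b_static_pk), x25519(ea_sk, eb_pk), sym_key, iid)
    msg_a = (auth_info(a_auth, b"A", transcript), ea_pk, iid)   # claim 1: A -> B
    # B re-derives from its static private key, its temporary private key and the received ea_pk
    b_auth, b_chan = interaction_key(x25519(b_static_sk, msg_a[1]), x25519(eb_sk, msg_a[1]),
                                     sym_key_b, msg_a[2])
    if not hmac.compare_digest(msg_a[0], auth_info(b_auth, b"A", transcript)):
        raise ValueError("B: first authentication information rejected")
    msg_b = auth_info(b_auth, b"B", transcript)                  # claim 4: B -> A
    if not hmac.compare_digest(msg_b, auth_info(a_auth, b"B", transcript)):
        raise ValueError("A: second authentication information rejected")
    blob = seal(a_chan, data)                                    # claims 4/6: data under the channel key
    return {"keys_match": a_chan == b_chan, "received": open_(b_chan, blob), "wire_len": len(blob)}


if __name__ == "__main__":
    print(run_exchange(os.urandom(32), b"session-0001", os.urandom(32), b"constructed interaction data"))
```

Two points worth checking against the claims: the pre-shared symmetric key enters the key derivation, so a party that knows the second party's standard public key but not the symmetric key cannot produce authentication information that verifies, which is where the "fusion" of symmetric and asymmetric keys does its work; and the second shared secret of claims 3 and 7 is computed from two temporary keys only, so a later compromise of the standard private key does not recover the session's secure channel key once the temporary private keys are discarded. The one-shot variant of claims 5 and 8 differs only in that the first party attaches the sealed offline data and an interaction verification value to its first message; `seal()` produces that payload.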
CN202211492585.4A 2022-11-25 2022-11-25 Data transmission method and device, electronic equipment and storage medium Pending CN115865460A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211492585.4A CN115865460A (en) 2022-11-25 2022-11-25 Data transmission method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211492585.4A CN115865460A (en) 2022-11-25 2022-11-25 Data transmission method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115865460A true CN115865460A (en) 2023-03-28

Family

ID=85666593

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211492585.4A Pending CN115865460A (en) 2022-11-25 2022-11-25 Data transmission method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115865460A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117527419A (en) * 2023-12-06 2024-02-06 北京东方通科技股份有限公司 Safety transmission method for identification data

Similar Documents

Publication Publication Date Title
US11128478B2 (en) System access using a mobile device
US10015159B2 (en) Terminal authentication system, server device, and terminal authentication method
CN106161032B (en) A kind of identity authentication method and device
US10567428B2 (en) Secure wireless ranging
WO2018046009A1 (en) Block chain identity system
ES2687191T3 (en) Network authentication method for secure electronic transactions
CN111028397B (en) Authentication method and device, and vehicle control method and device
US9525557B2 (en) Certificate issuing system, client terminal, server device, certificate acquisition method, and certificate issuing method
TWI809292B (en) Data encryption and decryption method, device, storage medium and encrypted file
US20180219688A1 (en) Information Transmission Method and Mobile Device
US9178881B2 (en) Proof of device genuineness
CN108199847B (en) Digital security processing method, computer device, and storage medium
CN109800588B (en) Dynamic bar code encryption method and device and dynamic bar code decryption method and device
CN112737774B (en) Data transmission method, device and storage medium in network conference
CN109639644B (en) Authorization verification method and device, storage medium and electronic equipment
CN105162797A (en) Bidirectional authentication method based on video surveillance system
CN101964805B (en) Method, equipment and system for safely sending and receiving data
CN104219208B (en) A kind of method, apparatus of data input
CN112003697A (en) Encryption and decryption method and device for cryptographic module, electronic equipment and computer storage medium
CN111654503A (en) Remote control method, device, equipment and storage medium
CN115865460A (en) Data transmission method and device, electronic equipment and storage medium
CN104753682A (en) Generating system and method of session keys
CN105827403B (en) Security method, security gate and server
CN107682380B (en) Cross authentication method and device
CN107920097B (en) Unlocking method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination